Biometric Information Privacy Act: Difference between revisions
This needs a lot of work to do, saving for now. |
+cat |
||
| Line 13: | Line 13: | ||
(ii) could have declined such collection without consequence; or | (ii) could have declined such collection without consequence; or | ||
(B) 1 year after the individual’s last intentional interaction with the private entity.</blockquote> | (B) 1 year after the individual’s last intentional interaction with the private entity.</blockquote> | ||
[[Category:US legislation]] | |||
Revision as of 05:54, 5 October 2025
❗Article Status Notice: This Article is a stub
This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼
The Biometric Information Privacy Act (BIPA) is a law set forth on October 3, 2008 in the U.S. state of Illinois, in an effort to regulate the collection, use, and handling of biometric identifiers and information by private entities.
Summary
Section 2
On section 2 of the bill, it clarifies what the term ‘biometric identifier’ means. It says it includes a retina or iris scan, voiceprint, faceprint, fingerprints or palm prints and any other uniquely identifying information based on the characteristics of an individual’s gait or other immutable characteristic of an individual. It does not include writing samples or writing signatures, human biological samples used for testing or screeening, does not include donated organs, tissues, or parts or blood or serum stored on behalf of recipients stored by a federally designated organ procurement agency and more are not included. The bill also clarifies what the term ‘confidential and sensitive information’ means. It means personal information that can be used to uniquely identify an individual or an individual’s account or property and includes genetic markers, genetic testing information, unique identifier numbers to locate accounts or property, account numbers, personal identification numbers, pass codes, driver’s license numbers, or Social Security numbers. It also described what private entity means. It means personal information that can be used to uniquely identify an individual or an individual’s account or property and includes genetic markers, genetic testing information, unique identifier numbers to locate accounts or property, account numbers, personal identification numbers, pass codes, driver’s license numbers, or Social Security numbers. It also clarifies what ‘written release’ means. It means specific, discrete, freely given, unambiguous, and informed written consent given by an individual who is not under any duress or undue influence of an entity or third party at the time such consent is given or, in the context of employment, a release executed by an employee as a condition of employment.
Section 3
Section 3 says this.
Not later than 60 days after the date of the enactment of this Act, any private entity in possession of biometric identifiers or biometric information concerning an individual shall develop and make available to the public a written policy establishing a retention schedule and guidelines for permanently destroying such biometric identifiers and biometric information not later than the earlier of—
(A) the date on which the initial purpose for collecting or obtaining such identifiers or information has been satisfied, if the individual from whom the biometric information was collected— (i) freely consented to the original purpose for such collection; and (ii) could have declined such collection without consequence; or
(B) 1 year after the individual’s last intentional interaction with the private entity.